Reference documentation and code samples for the Cloud Asset V1 API class Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::EgressTo.
Defines the conditions under which an [EgressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressPolicy] matches a request. Conditions are based on information about the [ApiOperation] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] intended to be performed on the resources specified. Note that if the destination of the request is also protected by a [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter], then that [ServicePerimeter] [google.identity.accesscontextmanager.v1.ServicePerimeter] must have an [IngressPolicy] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.IngressPolicy] which allows access in order for this request to succeed. The request must match operations AND resources fields in order to be allowed egress out of the perimeter.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#external_resources
def external_resources() -> ::Array<::String>
- (::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
#external_resources=
def external_resources=(value) -> ::Array<::String>
- value (::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
- (::Array<::String>) — A list of external resources that are allowed to be accessed. Only AWS and Azure resources are supported. For Amazon S3, the supported format is s3://BUCKET_NAME. For Azure Storage, the supported format is azure://myaccount.blob.core.windows.net/CONTAINER_NAME. A request matches if it contains an external resource in this list (Example: s3://bucket/path). Currently '*' is not allowed.
#operations
def operations() -> ::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>
- (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.
#operations=
def operations=(value) -> ::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>
- value (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.
- (::Array<::Google::Identity::AccessContextManager::V1::ServicePerimeterConfig::ApiOperation>) — A list of [ApiOperations] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.ApiOperation] allowed to be performed by the sources specified in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it uses an operation/service in this list.
#resources
def resources() -> ::Array<::String>
- (::Array<::String>) — A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.
#resources=
def resources=(value) -> ::Array<::String>
- value (::Array<::String>) — A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.
- (::Array<::String>) — A list of resources, currently only projects in the form projects/<projectnumber>, that are allowed to be accessed by sources defined in the corresponding [EgressFrom] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressFrom]. A request matches if it contains a resource in this list. If * is specified for resources, then this [EgressTo] [google.identity.accesscontextmanager.v1.ServicePerimeterConfig.EgressTo] rule will authorize access to all resources outside the perimeter.
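The field descriptions above translate directly into a policy review check. The following is an added example, not code from the Google client library or from this reference page: it audits EgressTo-style rules for the * wildcard in resources and for entries that do not follow the documented formats. EgressToLike, audit_egress_to, audit_all, the regular expressions and the sample rules are hypothetical names and values constructed for illustration; treating an S3 entry with a path as malformed is an assumption based on the stated s3://BUCKET_NAME format.

```ruby
# Added example. EgressToLike is a hypothetical stand-in for the three fields
# documented above, so the check runs without the Google client gems.
EgressToLike = Struct.new(:resources, :operations, :external_resources, keyword_init: true)

# Patterns derived from the formats stated in the field descriptions; the
# permitted name characters are an assumption made for this example.
PROJECT_RE = %r{\Aprojects/\d+\z}
S3_RE      = %r{\As3://[^/\s*]+\z}
AZURE_RE   = %r{\Aazure://[^/\s*]+\.blob\.core\.windows\.net/[^/\s*]+\z}

# Returns [severity, field, value] findings for one rule; empty means clean.
def audit_egress_to(rule)
  findings = []
  Array(rule.resources).each do |res|
    if res == "*"
      # Documented effect: authorizes access to all resources outside the perimeter.
      findings << [:high, :resources, res]
    elsif !PROJECT_RE.match?(res)
      # Only projects/<projectnumber> is accepted, so project IDs are flagged.
      findings << [:error, :resources, res]
    end
  end
  Array(rule.external_resources).each do |ext|
    # '*' is not allowed here; entries name a bucket or container, not a path.
    next if !ext.include?("*") && (S3_RE.match?(ext) || AZURE_RE.match?(ext))
    findings << [:error, :external_resources, ext]
  end
  findings
end

# Audits a name => rule map and keeps only the rules that have findings.
def audit_all(rules)
  rules.transform_values { |r| audit_egress_to(r) }.reject { |_, f| f.empty? }
end

# Constructed sample rules (not taken from any real policy).
SAMPLE_RULES = {
  "scoped" => EgressToLike.new(
    resources: ["projects/123456789012"], operations: [],
    external_resources: ["s3://example-bucket",
                         "azure://exampleacct.blob.core.windows.net/backups"]),
  "wide" => EgressToLike.new(
    resources: ["*", "projects/my-project-id"], operations: [],
    external_resources: ["s3://example-bucket/path", "*"])
}

audit_all(SAMPLE_RULES).each do |name, findings|
  findings.each { |sev, field, val| puts "#{name}: #{sev} #{field} #{val.inspect}" }
end
```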